Yes, it is sophisticated. Phishing emails are opened more often then regular mail (assuming it’s in your inbox) and click-rate is pretty high.
You might be good at cracking phishing simulation at your workplace, but many people won’t know if “amazon.example.com” or “example.amazon.com” is real. This is of course something good filter will pick up, but consider how hard it is to make sure 0 employees fall to the attack.
Also, even 2FA can get compromised with notification spam, that’s how it played out in one of the attacks couple of years ago.
>Yes, it is sophisticated. Phishing emails are opened more often then regular mail and click-rate is pretty high.
You're confusing "sophisticated" with "efficient". Phishing is efficient but unsophisticated; it boils down to one of the oldest tricks ever, to make you believe that $foo is $bar.
You might be good at cracking phishing simulation at your workplace, but many people won’t know if “amazon.example.com” or “example.amazon.com” is real. This is of course something good filter will pick up, but consider how hard it is to make sure 0 employees fall to the attack.
Also, even 2FA can get compromised with notification spam, that’s how it played out in one of the attacks couple of years ago.